posted by Fnord666 on Sunday November 17, @06:41AM
from the protect-your-business dept.
Business Security

upstart writes:

Submitted via IRC for Bytram

Holiday Shoppers Beware: Look-Alike Domains Are Targeting Your Wallet

The holiday shopping season is approaching, and many consumers will find their gifts online. After all, Cyber Monday has practically turned into its own major holiday. Unfortunately, as online shopping continues to grow, so does the targeting of consumers through malicious look-alike domains.

Cyber attackers create fraudulent domains by substituting a few characters in the URLs. Because they point to malicious online shopping websites that closely mimic legitimate, well-known retail websites, it makes it increasingly difficult for customers to detect the fake domains. Additionally, given that many of these malicious pages use a trusted TLS certificate, they appear to be safe to online shoppers who unknowingly provide sensitive account information and payment data.

[Note - This article is directed at retailers and ecommerce sites rather than consumers. - Fnord666]

Some interesting details:

  • Growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four times.
  • The total number of certificates used for look-alike domains is more than 400% greater than the number of authentic retail domains.
  • Over half (60%) of the look-alike domains studied use free certificates from Let's Encrypt.
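
For the retailers the editor's note says the article addresses, one way to triage newly observed domain names (for example, names appearing on freshly issued certificates) for look-alikes of a brand. This is an added example, not part of the original story; the brand `examplestore.com`, the sample names and the small confusables table are constructed assumptions, and it covers typos and embedded brand names in addition to the character substitution the article describes.

```python
import unicodedata

# Constructed subset of look-alike substitutions (assumption: production code
# would load the full Unicode TR39 confusables table). Escapes are Cyrillic.
CONFUSABLES = [("rn", "m"), ("vv", "w")] + list(zip(
    "0135\u0430\u0435\u043e\u0440\u0441\u0445\u0456", "olesaeopcxi"))

def to_unicode(domain):
    """Decode punycode (xn--) labels; keep malformed labels in raw form."""
    labels = domain.lower().rstrip(".").split(".")
    for i, label in enumerate(labels):
        if label.startswith("xn--"):
            try:
                labels[i] = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: compare it as written
    return ".".join(labels)

def skeleton(name):  # fold to canonical form: strip accents, map confusables
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text

def edit_distance(a, b):  # Levenshtein distance, two-row dynamic programming
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand, max_edits=2):
    """Say why `candidate` resembles `brand` (name left of the TLD), or None."""
    cand, brand = to_unicode(candidate), to_unicode(brand)
    if cand == brand or cand.endswith("." + brand):
        return None  # the brand itself or one of its own subdomains
    raw, own = cand.rsplit(".", 1)[0], brand.rsplit(".", 1)[0]
    c, b = skeleton(raw), skeleton(own)
    if c == b:
        return "tld-swap" if raw == own else "homoglyph"
    if b in c:
        return "brand-embedded"
    return "typo" if edit_distance(c, b) <= max_edits else None

SAMPLE = ["examp1estore.com", "exampelstore.com", "gardenstore.org"]  # constructed
def scan(domains, brand):
    return {d: why for d in domains if (why := classify(d, brand))}
```

Splitting on the last dot is a simplification; multi-label suffixes such as `.co.uk` need the Public Suffix List to find the registered name.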



  • (Score: 2) by Subsentient on Sunday November 17, @06:50AM (2 children)

    by Subsentient (1111) <subsentientNO@SPAMuniverse2.us> on Sunday November 17, @06:50AM (#921202)

    When Let's Encrypt launched, I knew this was going to happen. I warned SN about using Let's Encrypt several years ago because I foresaw major browsers dropping them as a trusted CA because of widespread abuse.

    Never, ever have faith in humanity. You will be disappointed EVERY time. My cynicism predicted this outcome. Wonder how long till they drop it as a CA. I predict Chrome will be the first to drop it.

    "The foolish man remains closed and tight, the wise man stretches himself in every way" -Goa Tse

    • (Score: 2) by Booga1 on Sunday November 17, @07:22AM

      by Booga1 (6333) on Sunday November 17, @07:22AM (#921204)

      The real problem is that people were taught to trust the icons, i.e., they see a lock, or a green lock, and think "I'm safe. This is the website I wanted."
      Google/Chrome has pushed this, even going so far as to declare unencrypted connections as "unsafe" even when they're perfectly fine. However, you may be right. They may be the first to drop them.
      Of course, ICANN's approval of internationalized domain names was also a horrible idea and now the predictions about malware and lookalikes are coming true.
      Let's Encrypt might still be safe since they are following guidelines and the domains are all legitimate, from a technical standpoint at least. I can't think of a certificate provider that verifies the actual website content. There's no point to that since all you need to do is serve "safe" content when you set things up and switch to malicious content later.

    • (Score: 0) by Anonymous Coward on Sunday November 17, @07:25AM

      by Anonymous Coward on Sunday November 17, @07:25AM (#921205)

      https://news.umich.edu/how-lets-encrypt-doubled-the-internets-percentage-of-secure-websites-in-four-years/ [umich.edu]

      Major browsers aren't dropping support for Let's Encrypt though. And Mozilla is one of the founders of Let's Encrypt.

      The major browsers can maintain or use blacklists instead. Are all of them doing that?

